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REMARKS 



Claims 1-4, 7-10, 12-14, 18-22, 24-28 and 33-34 are pending in the present 
application, with claims 1, 12, 22, 26, and 33 being the independent claims. Claims 1, 9-10, 
12-14, 18-22, 24-28, and 33-34 have been amended, and claims 5-6, 15-17, 23 and 29 have 
been canceled. No new matter has been entered. 

In the Final Rejection, dated March 15, 2007, claim 33 stands objected to for wording 
informalities; claims 10, 12-29, and 33-34 stand rejected under 35 U.S.C. § 101; claims 33-34 
stand rejected under 35 U.S.C. § 1 12, first paragraph, as allegedly failing to comply with the 
written description requirement and under 35 U.S.C. § 1 12, second paragraph, as allegedly 
being indefinite; and claims 1-10 and 12-29 stand rejected under 35 U.S.C. § 102(e) as 
allegedly being anticipated by U.S. Patent No. 6,308,274 (Swift). These rejections are 
respectfully traversed. 
Claim Objections - Claim 33 

Claim 33 stands objected to for informalities at lines 7 and 1 1 . Claim 33 has been 
amended to delete the noted informalities. Withdrawal of the objection to claim 33 is 
solicited. 

Rejection under 35 U.S.C § 101 - Claims 10, 12-29, and 33-34 

Claims 10, 12-29, and 33-34 stand rejected under 35 U.S.C. § 101 as allegedly being 
directed to non-statutory subject matter. Claims 10, 12-28, and 33-34 have been amended to 
recite a "computer readable storage medium" so as to obviate this rejection. Reconsideration 
and withdrawal of the rejection based on 35 U.S.C. § 101 is solicited. 
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Rejection under 35 U.S.C. § 112, First Paragraph - Claims 33-34 

Claims 33-34 stand rejected under 35 U.S.C. § 1 12, first paragraph, as allegedly 
failing to comply with the written description requirement. This rejection is traversed. The 
recited language is specifically supported in the originally filed specification at page 11, line 
20, to page 12, line 5. Reconsideration and withdrawal of the rejection based on 35 U.S.C. § 
112, first paragraph, is solicited. 

Rejection under 35 U.S.C. § 112, Second Paragraph - Claims 33-34 

Claims 33-34 stand rejected under 35 U.S.C. § 1 12, second paragraph, as allegedly 
being indefinite for lack of antecedent basis for "the registered dynamic access check 
callback function" in claim 33. Claim 33 has been amended to provide antecedent basis for 
this term. Withdrawal of the rejection based on 35 U.S.C. § 1 12, second paragraph, is 
solicited. 

Rejection under 35 U.S.C. § 102(e) - Claims 1-10 and 12-29 

Claims 1-10 and 12-29 stand rejected under 35 U.S.C. § 102(e) as allegedly being 
anticipated by Swift (USP 6,308,274). Claims 1, 12, and 22 have been amended to obviate 
this rejection. 

In particular, independent claim 1 has been amended to include the features of claims 

5 and 6, claim 12 has been amended to include the features of claims 15-17, and 22 has been 

amended to include the features of claim 23 specifying the step of: 

automatically invoking, via said application programming interface, an 
application-defined dynamic access check routine that performs based upon 
dynamic data and second dynamic policy in the callback access control entry 
for the application, wherein said second dynamic policy is tailored to said 
application and said dynamic data includes authorization policy data stored in 
a callback access control entry or run-time data managed by the application. 

Claim 26 is believed to distinguish over Swift without further amendment. 
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In rejecting the claims, the Examiner has argued that the user and the type of process 
or application used by the user to access the resource corresponds to the claimed dynamic 
data. The Examiner also has argued that accessing a resource using one type of process but 
not another suggests the use of dynamic policies as claimed. Applicant respectfully 
disagrees. In order to prevent such an overly expansive definition of "dynamic data" in the 
context of the invention, key portions of the definition of "dynamic data" has been 
incorporated into independent claims 1,12, 22, and 26 from claim 29. As defined therein, the 
claimed "dynamic data" includes "authorization policy data stored in a callback access 
control entry and/or run-time data managed by the application." Similarly, each "dynamic 
policy" in claims 1,12, and 22 is specified to be "tailored to an application through which the 
resource is accessed." The policies thus apply to the same application - not to specify which 
one of different applications to use (e.g., MS Word or Internet Explorer) as the Examiner 
argues. Applicant submits that Swift does not anticipate the use of such dynamic data and 
policies as so defined. 

Independent claims 1,12, and 22 also have been amended to include the features from 
dependent claims 5-6, 15-17 and 23, respectively, specifying that the application-defined 
dynamic access check routine is automatically invoked via the application programming 
interface to perform "based upon dynamic data and second dynamic policy in the callback 
access control entry" for the application through which the resource is accessed. As noted 
above, Swift does not disclose the claimed dynamic data and dynamic policies and does not 
"automatically invoke" an "application-defined dynamic access check routine" based on such 
dynamic data and policies. On the contrary, Swift provides a mechanism to enforce "least 
privilege," or in some way reduced access, via restricted access tokens. Restricted tokens 
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enable a security mechanism to determine whether a process has access to a resource based 
on a modified, restricted version of an existing access token. The restricted token is based on 
an existing token, and has less access than the existing token. The restricted token is created 
by changing an attribute of one or more security identifiers that allow access in the parent 
token to a setting that denies access in the restricted token. Similarly, the restricted token can 
be created by removing a privilege from the restricted token that is present in the parent 
token. In addition, restricted security identifiers may be placed in a restricted token. Unlike 
the invention, access to the resource is NOT controlled based on "authorization policy data 
stored in a callback access control entry and/or run-time data managed by the application" as 
now claimed in claims 1, 12, 22, and 26. 

Swift further fails to teach that the dynamic data is used to enable the application "to 
assign temporary group membership, based on dynamic factors, to a client for the purpose of 
checking access rights" as claimed in claim 26. 

As noted in the previous response, while the restricted token based system of Swift is 
made more versatile by allowing the creation of restricted access tokens, Swift remains an 
example of a system that enforces static access policy in that every time a token, e.g., a 
restricted token, of Swift is evaluated to determine whether a particular task can be performed 
by a user, or whether an application may access a particular object, the token or restricted 
token is evaluated using static data with static access policies. In particular, Swift enforces a 
static access policy, as described in the background section of Applicants' specification (See 
pages 1-2, first three paragraphs of background). 

Also, Swift says nothing of dynamically varying access policies for a particular 
application or changing a restricted token based on dynamic data. On the contrary, different 
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restricted tokens are associated with different processes and do not provide for dynamic 
access policies regarding a particular application as claimed. The restricted tokens change 
only if the requesting process changes (and the new requesting process has a different 
associated access token) - the restricted tokens themselves are NOT generated for the same 
application according to dynamic factors. Restricted tokens as taught by Swift do not vary a 
client authorization context based on dynamic policies and/or dynamic data for a particular 
application as claimed. 

Since the system of Swift is based on static policy and data and not the dynamic data 
identified with specificity in the claims, Swift cannot be said to teach or suggest the invention 
as set forth in independent claims 1,12, 22, and 26 and, through dependency, claims 2-4, 7- 
10, 13-14, 18-21, 24-25, and 27-28. Reconsideration and withdrawal of the §102(e) rejection 
based on Swift is respectfully requested. 

Upon reconsideration of the claims in view of Swift, the Examiner is again asked to 
note that the Swift patent is commonly owned prior art that falls within the provisions of 35 
U.S.C. §103(c). 

Allowable Subject Matter - Claims 33-34 

Applicant appreciates the Examiner's indication that claims 33-34 include allowable 
subject matter. In view of the amendments to these claims to address the objection to claim 
33 and rejections under 35 U.S.C. §§101, 112, first paragraph, and 112, second paragraph, 
claims 33-34 are now believed to be in condition for allowance. 
Entry of Amendments After Final Rejection 

Applicant notes that the amendments made to the claims do not raise any new issues 
for the Examiner's consideration or extend beyond the scope of the previous prior art search. 
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The independent claims have been amended to include features from dependent claims and to 
include language specifically requested by the Examiner to address the §§101 and 112, 
second paragraph, rejections. Consideration of the amendments requires no further 
consideration and places no further examination burden on the Examiner. Moreover, the 
claim amendments are specifically tailored to resolving the issues raised by the Examiner for 
placing the application in condition for allowance. Entry of the above amendments after 
Final Rejection is thus proper and is respectfully solicited. 
Conclusion 

Applicants believe that the present Amendment is responsive to each of the points 
raised by the Examiner in the Final Rejection, and submits that claims 1-4, 7-10, 12-14, 18- 
22, 24-28 and 33-34 of the application are in condition for allowance. Favorable 
consideration and issuance of a Notice of Allowability are earnestly solicited. 



Date: May 11, 2007 /Michael P. Dunnam/ 
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